Solved

The use of certificates in LogPoint

  • 30 November 2021
  • 3 replies
  • 775 views


Hi

I need a description of the usage of certificates in LogPoint.

What are the recommendations?

Which certificates are stored where?

Which cautions should be taken when replacing certificates?

The location of each respective certificate:

  • HTTPS
  • Syslog SSL
  • LPA

Regards

Hans


Best answer by Nils Krumey 3 December 2021, 11:15


3 replies


Hi,

There are a few caveats around uploading your certificates directly from the shell, for example in terms of which user owns them (loginspect:loginspect), and if the configuration has to be pointed to a different certificate the configuration needs to be regenerated as well. So in most cases I would recommend uploading certificates from the GUI.

The web server certificates are kept in
/opt/makalu/etc/remote_connection/https_certificates/
On the LogPoint server you can generate a private key using

openssl genrsa -out private.key 2048

and then a certificate signing request using

openssl req -new -sha256 -key private.key -out logpointserver.csr

Once you have the resulting certificate you can upload them through the web interface under Settings → System Settings → HTTPS. Note that in my experience, certificates from Windows signing authorities are in binary format and need to be converted into the textual PEM format for use with OpenSSL in LogPoint.

The Syslog certificates are kept in 
/opt/immune/etc/remote_connection/certificates/

With LogPoint 6.12 the Syslog certificates can also be uploaded directly from the GUI under Settings → System Settings → Syslog TLS. I usually find that the systems sending encrypted Syslog data are already using their own keys and we just supply those to LogPoint.

For the Windows agent you can generate your own certificates from the Plugin GUI under Settings → System → Plugins → Search for “LPA” → Manage. These are then pushed to the agents. There is not usually a need to supply your own, but you can upload them from the GUI there as well.

The Windows agent certificates are kept in
/opt/makalu/storage/col/lpamanager/certs

As for best practices, perhaps some other people can join in, as I only ever see test, demo and POC systems! :)
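Added example, not part of the original answer or of LogPoint's own tooling: a shell check to run before uploading under Settings → System Settings → HTTPS, covering the DER-to-PEM conversion mentioned above and confirming that the issued certificate belongs to private.key. The file names issued.cer and logpointserver.pem and the function names are assumptions.

```shell
#!/bin/sh
# Added example: pre-upload checks for a LogPoint HTTPS certificate.
# File names are hypothetical; only standard openssl subcommands are used.

# Write a PEM copy of a certificate that may be PEM or binary DER.
cert_to_pem() {
    src=$1 dst=$2
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$src"; then
        # Already textual PEM: re-encode to drop any surrounding text.
        openssl x509 -inform PEM -in "$src" -out "$dst"
    else
        # Assume binary DER, as typically exported by a Windows CA.
        openssl x509 -inform DER -in "$src" -out "$dst"
    fi
}

# Succeed only if the certificate carries the public key of the private key.
key_matches_cert() {
    key=$1 cert=$2
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$key" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Usage: sh check_cert.sh private.key issued.cer
if [ "$#" -eq 2 ]; then
    cert_to_pem "$2" logpointserver.pem || {
        echo "not a valid certificate: $2" >&2
        exit 1
    }
    if key_matches_cert "$1" logpointserver.pem; then
        echo "logpointserver.pem matches $1"
        # Show what will be uploaded: subject and expiry date.
        openssl x509 -in logpointserver.pem -noout -subject -enddate
    else
        echo "certificate does not belong to $1" >&2
        exit 1
    fi
fi
```

A mismatch here usually means the CSR was generated from a different key than the one being uploaded alongside the certificate.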

 


Hi

Think I got my questions answered. Thanks a lot!

 

Regards

Hans

Just for reference - the syslog certificates uploaded through the web UI are stored under

/opt/makalu/etc/remote_connection/syslog_certificates

at least in v6.12.2, maybe earlier.